oweals/openssl.git
9 years ago Configuration cleanup: personal configs
Richard Levitte [Thu, 12 Mar 2015 13:58:07 +0000 (14:58 +0100)]
Configuration cleanup: personal configs

Move obviously personal configurations to personal files.

Note: those files should really not be in the main repo at all

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Updated TABLE
Richard Levitte [Mon, 16 Mar 2015 21:01:01 +0000 (22:01 +0100)]
Updated TABLE

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Find debug- targets that can be combined with their non-debug counterparts and do so
Richard Levitte [Thu, 12 Mar 2015 13:55:05 +0000 (14:55 +0100)]
Find debug- targets that can be combined with their non-debug counterparts and do so

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Change all the main configurations to the new format.
Richard Levitte [Tue, 10 Mar 2015 23:58:50 +0000 (00:58 +0100)]
Change all the main configurations to the new format.

As part of this, remove some levitte examples that never were relevant.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Rethink templates.
Richard Levitte [Tue, 10 Mar 2015 21:04:44 +0000 (22:04 +0100)]
Rethink templates.

Because base templates express inheritance of values, the attribute is
renamed to 'inherit_from', and texts about this talk about 'inheritance(s)'
rather than base templates.

As they were previously implemented, base templates that were listed
together would override one another, the first one acting as defaults for
the next and so on.

However, it was pointed out that a strength of inheritance would be to
base configurations on several templates - for example one for CPU, one
for operating system and one for compiler - and that requires a different
way of combining those templates.  With this change, inherited values
from several inheritances are concatenated by default (keep on reading).

Also, in-string templates with the double-curly syntax are removed,
replaced with the possibility to have a configuration value be a coderef
(i.e. a 'sub { /* your code goes here */ }') that gets the list of values
from all inheritances as the list @_.  The result of executing such a
coderef on a list of values is assumed to become a string.  ANY OTHER
FORM OF VALUE WILL CURRENTLY BREAK.

As a matter of fact, an attribute in the current config with no value is
assumed to have this coderef as value:

    sub { join(' ', @_) }

While we're at it, rename debug-[cl]flags to debug_[cl]flags and
nodebug-[cl]flags to release_[cl]flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Provide a few examples by converting my own strings to hash table configurations
Richard Levitte [Fri, 6 Mar 2015 09:16:05 +0000 (10:16 +0100)]
Provide a few examples by converting my own strings to hash table configurations

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Add base template processing.
Richard Levitte [Fri, 6 Mar 2015 09:01:08 +0000 (10:01 +0100)]
Add base template processing.

Base templates are templates that are used to inherit from.  They can
loosely be compared with parent class inheritance in object orientation.
They can be used for the same purpose as the variables with multi-field
strings are used in old-style string configurations.

Base templates are declared with the base_templates configuration
attribute, like so:

    "example_target" => {
        base_templates => [ "x86_asm", ... ]
        ...
    }

Note: The value of base_templates MUST be an array reference (an array
enclosed in square brackets).

Any configuration target can be used as a base template by another.  It
is also possible to have a target that's a pure template and not meant to
be used directly as a configuration target.  Such a target is marked with
the template configuration attribute, like so:

    "example_template" => {
        template => 1,
        cc => "mycc",
        ...
    },

As part of this commit, all variables with multi-field strings have been
translated to pure templates.  The variables currently remain since we
can't expect people to shift to hash table configurations immediately.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Add template reference processing.
Richard Levitte [Fri, 6 Mar 2015 02:00:53 +0000 (03:00 +0100)]
Add template reference processing.

Template references are words with double brackets, and refer to the
same field in the target pointed at by the double bracketed word.

For example, if a target's configuration has the following entry:

    'cflags' => '-DFOO {{x86_debug}}'

... then {{x86_debug}} will be replaced with the 'cflags' value from
target 'x86_debug'.

Note: template references are resolved recursively, and circular
references are not allowed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Rewrite Configure to handle the target values as hash tables.
Richard Levitte [Fri, 6 Mar 2015 01:00:21 +0000 (02:00 +0100)]
Rewrite Configure to handle the target values as hash tables.

The reasoning is that configuration strings are hard to read and error
prone, and that a better way would be for them to be key => value hashes.

Configure is made to be able to handle target configuration values as a
string as well as a hash.  It also does the best it can to combine a
"debug-foo" target with a "foo" target, given that they are similar
except for the cflags and lflags values.  The latter are spliced into
options that are common for "debug-foo" and "foo", options that exist
only with "debug-foo" and options that exist only with "foo", and make
them into combinable attributes that hold common cflags, extra cflags
for debugging and extra cflags for non-debugging configurations.

The next step is to make it possible to have template configurations.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Make X509_ATTRIBUTE opaque.
Dr. Stephen Henson [Sat, 14 Mar 2015 23:48:47 +0000 (23:48 +0000)]
Make X509_ATTRIBUTE opaque.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix regression in ASN1_UTCTIME_cmp_time_t
Carl Jackson [Sat, 31 Jan 2015 10:22:47 +0000 (02:22 -0800)]
Fix regression in ASN1_UTCTIME_cmp_time_t

Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if
s < t, and 0 if s == t.

This behavior was broken in a refactor [0], resulting in the opposite
time comparison behavior.

[0]: 904348a4922333106b613754136305db229475ea

PR#3706

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago OPENSSL_NO_EC* merge; missed one file
Rich Salz [Sun, 15 Mar 2015 18:49:15 +0000 (14:49 -0400)]
OPENSSL_NO_EC* merge; missed one file

Missed one file in the #ifdef merge; thanks Kurt.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
9 years ago Update ordinals, fix error message.
Dr. Stephen Henson [Sat, 14 Mar 2015 22:42:55 +0000 (22:42 +0000)]
Update ordinals, fix error message.

Update error messages to say "EC is disabled"; these can then be picked up
by mkdef.pl.

Update ordinals.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
9 years ago Remove ssl_cert_inst()
Kurt Roeckx [Sat, 14 Mar 2015 17:09:44 +0000 (18:09 +0100)]
Remove ssl_cert_inst()

It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Avoid reading an unused byte after the buffer
Andy Polyakov [Sat, 21 Feb 2015 12:51:56 +0000 (13:51 +0100)]
Avoid reading an unused byte after the buffer

Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Fix undefined behaviour in shifts.
Emilia Kasper [Sat, 14 Mar 2015 04:10:13 +0000 (21:10 -0700)]
Fix undefined behaviour in shifts.

Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts.
If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable
in an integer, behaviour is undefined. In other words, you can't shift into the sign bit
of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24.

(For consistency, cast other shifts, too.)

Caught by -fsanitize=shift

Submitted by Nick Lewycky (Google)

Reviewed-by: Andy Polyakov <appro@openssl.org>
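
The promotion rule described in the commit message above, as an added example that is not part of the commit or of OpenSSL's source. The function names and the sample bytes are constructed for illustration; a 32-bit int is assumed for the values quoted in the comments.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
typedef uint32_t u32;

/* Constructed sample: four table-style bytes, the first with its top bit set. */
static const u8 sample[4] = { 0x8d, 0x01, 0x02, 0x03 };

/*
 * The rule quoted in the commit message: a u8 operand is promoted to int
 * before the shift, so `v << n` is defined only when v * 2^n is
 * representable in int. v <= INT_MAX >> n is the same test without
 * performing the problematic shift.
 */
static int promoted_shift_is_defined(u8 v, unsigned n)
{
    if (n >= sizeof(int) * CHAR_BIT)
        return 0;               /* shift count itself is out of range */
    return v <= (INT_MAX >> n);
}

/* Hardened form: every byte is widened to u32 before it is shifted. */
static u32 pack_be32(const u8 b[4])
{
    return ((u32)b[0] << 24) ^ ((u32)b[1] << 16) ^ ((u32)b[2] << 8) ^ (u32)b[3];
}

/*
 * Uncast shape, kept for contrast (constructed, not OpenSSL's code):
 * b[0] << 24 is an int shift and is undefined for b[0] >= 0x80.
 * Callers must check promoted_shift_is_defined(b[0], 24) first.
 */
static u32 pack_be32_promoted(const u8 b[4])
{
    return (u32)((b[0] << 24) ^ (b[1] << 16) ^ (b[2] << 8) ^ b[3]);
}

int main(void)
{
    static const u8 low[4] = { 0x7f, 0x01, 0x02, 0x03 };

    printf("0x7f << 24 defined after promotion: %d\n",
           promoted_shift_is_defined(0x7f, 24));
    printf("0x80 << 24 defined after promotion: %d\n",
           promoted_shift_is_defined(0x80, 24));

    /* Only the input that passes the check goes through the uncast form. */
    if (promoted_shift_is_defined(low[0], 24))
        printf("uncast: 0x%08x\n", (unsigned)pack_be32_promoted(low));
    printf("cast:   0x%08x\n", (unsigned)pack_be32(sample));
    return 0;
}
```

Building the uncast form with -fsanitize=shift, the option named in the commit message, reports the shift at run time when the first byte is 0x80 or larger.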
9 years ago Allocate string types directly.
Dr. Stephen Henson [Tue, 24 Feb 2015 00:57:51 +0000 (00:57 +0000)]
Allocate string types directly.

Allocate and free ASN.1 string types directly instead of going through
the ASN.1 item code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix key wrapping mode with padding to conform to RFC 5649.
Petr Spacek [Mon, 26 Jan 2015 13:39:50 +0000 (14:39 +0100)]
Fix key wrapping mode with padding to conform to RFC 5649.

According to RFC 5649 section 4.1 step 1) we should not add padding
if plaintext length is a multiple of 8 octets.

This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F
on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2.

PR#3675

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
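
The padding rule this commit message refers to, as an added example that is not part of the commit or of OpenSSL's source. All function names and the sample key are constructed; kwp_pad_len_always is an illustrative contrast, not OpenSSL's pre-fix code. The block builds only the AIV and padded plaintext that feed the wrap function, not the AES wrapping itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample key data, 20 octets (not a real key). */
static const uint8_t sample_key20[20] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};

/* Zero octets to append: none when the length is already a multiple of 8. */
static size_t kwp_pad_len(size_t mli)
{
    return (8 - (mli % 8)) % 8;
}

/* Contrast only: this form appends a full extra block on multiples of 8. */
static size_t kwp_pad_len_always(size_t mli)
{
    return 8 - (mli % 8);
}

/*
 * Write AIV || plaintext || zero padding into out.
 * AIV = A6 59 59 A6 followed by the 32-bit big-endian message length (MLI).
 * Returns the number of octets written, or 0 if the input is rejected.
 * The wrapped output of RFC 5649 has this same length.
 */
static size_t kwp_build_input(const uint8_t *p, size_t mli,
                              uint8_t *out, size_t outcap)
{
    size_t pad = kwp_pad_len(mli);
    size_t total;

    /* MLI is a 32-bit field; an empty plaintext is rejected here. */
    if (p == NULL || out == NULL || mli == 0 || (uint64_t)mli > UINT32_MAX)
        return 0;
    total = 8 + mli + pad;
    if (total > outcap)
        return 0;

    out[0] = 0xA6; out[1] = 0x59; out[2] = 0x59; out[3] = 0xA6;
    out[4] = (uint8_t)(mli >> 24);
    out[5] = (uint8_t)(mli >> 16);
    out[6] = (uint8_t)(mli >> 8);
    out[7] = (uint8_t)mli;
    memcpy(out + 8, p, mli);
    memset(out + 8 + mli, 0, pad);
    return total;
}

int main(void)
{
    uint8_t buf[40];
    size_t lens[] = { 7, 16, 20 };
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = kwp_build_input(sample_key20, lens[i], buf, sizeof buf);
        printf("mli=%2zu pad=%zu (always-pad form: %zu) total=%zu\n",
               lens[i], kwp_pad_len(lens[i]),
               kwp_pad_len_always(lens[i]), n);
    }
    return 0;
}
```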
9 years ago Remove obsolete declarations.
Dr. Stephen Henson [Thu, 12 Mar 2015 14:12:17 +0000 (14:12 +0000)]
Remove obsolete declarations.

Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF; these haven't been
used internally in OpenSSL for some time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Update mkstack.pl to match safestack.h
Dr. Stephen Henson [Thu, 12 Mar 2015 14:05:27 +0000 (14:05 +0000)]
Update mkstack.pl to match safestack.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago ASN.1 print fix.
Dr. Stephen Henson [Wed, 11 Mar 2015 23:30:52 +0000 (23:30 +0000)]
ASN.1 print fix.

When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago additional configuration documentation
Dr. Stephen Henson [Sun, 1 Mar 2015 15:25:39 +0000 (15:25 +0000)]
additional configuration documentation

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Fix RSA_X931_derive_ex
Matt Caswell [Wed, 11 Mar 2015 17:43:38 +0000 (17:43 +0000)]
Fix RSA_X931_derive_ex

In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return
NULL on error. However the return value is not tested until *after* it is
derefed! Also at the top of the function a test is made to ensure that
|rsa| is not NULL. If it is we go to the "err" label. Unfortunately the
error handling code deref's rsa.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago SSL_check_chain fix
Matt Caswell [Wed, 11 Mar 2015 17:01:38 +0000 (17:01 +0000)]
SSL_check_chain fix

If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY
or the type of the public key is unrecognised then the local variable
|cpk| in tls1_check_chain does not get initialised. Subsequently an
attempt is made to deref it (after the "end" label), and a seg fault will
result.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Fix missing return checks in v3_cpols.c
Matt Caswell [Wed, 11 Mar 2015 20:50:20 +0000 (20:50 +0000)]
Fix missing return checks in v3_cpols.c

Fixed assorted missing return value checks in v3_cpols.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix dsa_pub_encode
Matt Caswell [Wed, 11 Mar 2015 20:19:08 +0000 (20:19 +0000)]
Fix dsa_pub_encode

The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix dh_pub_encode
Matt Caswell [Wed, 11 Mar 2015 20:08:16 +0000 (20:08 +0000)]
Fix dh_pub_encode

The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix asn1_item_print_ctx
Matt Caswell [Wed, 11 Mar 2015 19:41:01 +0000 (19:41 +0000)]
Fix asn1_item_print_ctx

The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago ASN1_primitive_new NULL param handling
Matt Caswell [Wed, 11 Mar 2015 16:00:01 +0000 (16:00 +0000)]
ASN1_primitive_new NULL param handling

ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Fix EVP_DigestInit_ex with NULL digest
Matt Caswell [Wed, 11 Mar 2015 15:41:52 +0000 (15:41 +0000)]
Fix EVP_DigestInit_ex with NULL digest

Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago Fix error handling in bn_exp
Matt Caswell [Wed, 11 Mar 2015 15:31:16 +0000 (15:31 +0000)]
Fix error handling in bn_exp

In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
9 years ago ssl/s3_clnt.c: fix intermittent failures.
Andy Polyakov [Thu, 12 Mar 2015 07:54:28 +0000 (08:54 +0100)]
ssl/s3_clnt.c: fix intermittent failures.

[and respect error return value in ssltest.c]

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Rich Salz [Tue, 10 Mar 2015 23:09:27 +0000 (19:09 -0400)]
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC

Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Matt Caswell [Tue, 10 Mar 2015 23:15:15 +0000 (23:15 +0000)]
Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Move Configurations* out of the way and rename them.
Richard Levitte [Wed, 11 Mar 2015 09:22:50 +0000 (10:22 +0100)]
Move Configurations* out of the way and rename them.

Configure would load the glob "Configurations*".  The problem with
this is that it also loads all kinds of backups of those
configurations that some editors do, like emacs' classic
'Configurations~'.  The solution is to give them an extension, such as
'.conf', and make sure to end the glob with that.

Also, because 'Configurations.conf' makes for a silly name, and
because a possibly large number of configurations will become clutter,
move them to a subdirectory 'Configurations/', and rename them to
something more expressive, as well as something that sets up some form
of sorting order.  Thus:

    Configurations -> Configurations/10-main.conf
    Configurations.team -> Configurations/90-team.conf

Finally, make sure that Configure sorts the list of files that 'glob'
produces, and adapt Makefile.org.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Cleanse buffers
Matt Caswell [Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)]
Cleanse buffers

Cleanse various intermediate buffers used by the PRF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Harmonize return values in dtls1_buffer_record
Emilia Kasper [Wed, 4 Mar 2015 21:05:53 +0000 (13:05 -0800)]
Harmonize return values in dtls1_buffer_record

Ensure all malloc failures return -1.

Reported by Adam Langley (Google).

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago BIO_debug_callback: Fix output on 64-bit machines
Richard Godbee [Sun, 21 Sep 2014 06:14:11 +0000 (02:14 -0400)]
BIO_debug_callback: Fix output on 64-bit machines

BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Prevent handshake with unseeded PRNG
Matt Caswell [Thu, 26 Feb 2015 11:56:00 +0000 (11:56 +0000)]
Prevent handshake with unseeded PRNG

Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
  user has not seeded manually
- A protocol specific client method version has been used (i.e. not
  SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
  from the PRNG beyond the initial ClientHello client random
  (e.g. PSK-RC4-SHA)

If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.

For example using the following command with an unseeded openssl will
succeed on an unpatched platform:

    openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

CVE-2015-0285

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Fix wrong numbers being passed as string lengths
Dmitry-Me [Sun, 1 Jun 2014 17:30:52 +0000 (21:30 +0400)]
Fix wrong numbers being passed as string lengths

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago update ordinals
Dr. Stephen Henson [Mon, 9 Mar 2015 16:55:18 +0000 (16:55 +0000)]
update ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Wrong SSL version in DTLS1_BAD_VER ClientHello
David Woodhouse [Mon, 2 Mar 2015 16:20:15 +0000 (16:20 +0000)]
Wrong SSL version in DTLS1_BAD_VER ClientHello

Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.

RT#3711

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix DTLS1_BAD_VER regression
Matt Caswell [Mon, 2 Mar 2015 14:34:19 +0000 (14:34 +0000)]
Fix DTLS1_BAD_VER regression

Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).

Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Cleanse PKCS#8 private key components.
Dr. Stephen Henson [Tue, 3 Mar 2015 14:20:23 +0000 (14:20 +0000)]
Cleanse PKCS#8 private key components.

New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Additional CMS documentation.
Dr. Stephen Henson [Tue, 24 Feb 2015 16:35:37 +0000 (16:35 +0000)]
Additional CMS documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago ARMv4 assembly pack: add Cortex-A15 performance data.
Andy Polyakov [Tue, 3 Mar 2015 20:44:53 +0000 (21:44 +0100)]
ARMv4 assembly pack: add Cortex-A15 performance data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago GitHub 237: Use https for IETF links
Viktor Szakats [Sun, 8 Mar 2015 02:24:40 +0000 (21:24 -0500)]
GitHub 237:  Use https for IETF links

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago make errors
Matt Caswell [Fri, 6 Mar 2015 13:01:31 +0000 (13:01 +0000)]
make errors

Run make errors on master

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Update mkerr.pl for new format
Matt Caswell [Fri, 6 Mar 2015 13:00:47 +0000 (13:00 +0000)]
Update mkerr.pl for new format

Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago update TABLE
Richard Levitte [Fri, 6 Mar 2015 00:16:29 +0000 (01:16 +0100)]
update TABLE

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Cleanup spaces
Richard Levitte [Fri, 6 Mar 2015 00:16:19 +0000 (01:16 +0100)]
Cleanup spaces

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Catch up the VMS build.
Richard Levitte [Thu, 5 Mar 2015 17:19:06 +0000 (18:19 +0100)]
Catch up the VMS build.

crypto/crypto-lib.com - catch up with the OCSP changes
test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Make STACK_OF opaque.
Dr. Stephen Henson [Thu, 5 Mar 2015 15:17:33 +0000 (15:17 +0000)]
Make STACK_OF opaque.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago update ordinals
Dr. Stephen Henson [Thu, 5 Mar 2015 15:44:41 +0000 (15:44 +0000)]
update ordinals

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Make OCSP structures opaque.
Dr. Stephen Henson [Thu, 5 Mar 2015 13:41:11 +0000 (13:41 +0000)]
Make OCSP structures opaque.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Use constants not numbers
Kurt Cancemi [Wed, 4 Mar 2015 10:57:45 +0000 (10:57 +0000)]
Use constants not numbers

This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c

RT#3725

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Unchecked malloc fixes
Matt Caswell [Wed, 4 Mar 2015 17:49:51 +0000 (17:49 +0000)]
Unchecked malloc fixes

Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago add RIPEMD160 whirlpool tests
Dr. Stephen Henson [Sun, 1 Mar 2015 15:38:56 +0000 (15:38 +0000)]
add RIPEMD160 whirlpool tests

Add RIPEMD160 and whirlpool test data.
Add Count keyword to repeatedly call EVP_DigestUpdate.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Check public key is not NULL.
Dr. Stephen Henson [Wed, 18 Feb 2015 00:34:59 +0000 (00:34 +0000)]
Check public key is not NULL.

CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Fix format script.
Dr. Stephen Henson [Mon, 2 Mar 2015 13:26:29 +0000 (13:26 +0000)]
Fix format script.

The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Cleanup some doc files
Rich Salz [Mon, 2 Mar 2015 01:46:38 +0000 (20:46 -0500)]
Cleanup some doc files

ACKNOWLEDGEMENTS is now spelled correctly :)
README.ASN1 talked about 0.9.6, so it's deleted.
I turned doc/standards.txt into a set of one-line summaries of RFCs, and
also updated the pointers to original sources (to be web links)

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Remove experimental 56bit export ciphers
Rich Salz [Fri, 27 Feb 2015 20:06:41 +0000 (15:06 -0500)]
Remove experimental 56bit export ciphers

These ciphers are removed:
    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5
    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA
    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA
    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA
They were defined in a long-expired IETF internet-draft:
draft-ietf-tls-56-bit-ciphersuites-01.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Matt Caswell [Fri, 27 Feb 2015 16:52:07 +0000 (16:52 +0000)]
Fix d2i_SSL_SESSION for DTLS1_BAD_VER

Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Fixed missing return value checks.
Matt Caswell [Thu, 26 Feb 2015 11:54:58 +0000 (11:54 +0000)]
Fixed missing return value checks.

Added various missing return value checks in tls1_change_cipher_state.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Fix missing return value checks.
Matt Caswell [Thu, 26 Feb 2015 11:53:55 +0000 (11:53 +0000)]
Fix missing return value checks.

Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago reformat evp_test.c
Dr. Stephen Henson [Fri, 27 Feb 2015 02:50:41 +0000 (02:50 +0000)]
reformat evp_test.c

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Add OCB support and test vectors for evp_test.
Dr. Stephen Henson [Fri, 27 Feb 2015 00:49:47 +0000 (00:49 +0000)]
Add OCB support and test vectors for evp_test.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Skip unsupported digests in evp_test
Dr. Stephen Henson [Thu, 26 Feb 2015 19:58:20 +0000 (19:58 +0000)]
Skip unsupported digests in evp_test

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago add MD4 test data
Dr. Stephen Henson [Thu, 26 Feb 2015 19:46:03 +0000 (19:46 +0000)]
add MD4 test data

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Skip unsupported ciphers in evp_test.
Dr. Stephen Henson [Thu, 26 Feb 2015 19:26:53 +0000 (19:26 +0000)]
Skip unsupported ciphers in evp_test.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Make OpenSSL compile with no-rc4
Dr. Stephen Henson [Thu, 26 Feb 2015 19:23:38 +0000 (19:23 +0000)]
Make OpenSSL compile with no-rc4

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Add algorithm skip support.
Dr. Stephen Henson [Thu, 26 Feb 2015 18:54:12 +0000 (18:54 +0000)]
Add algorithm skip support.

Add support for skipping disabled algorithms: if an attempt to load a
public or private key results in an unknown algorithm error then any
test using that key is automatically skipped.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Fix evp_extra_test.c with no-ec
Matt Caswell [Thu, 26 Feb 2015 10:35:50 +0000 (10:35 +0000)]
Fix evp_extra_test.c with no-ec

When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Remove NETSCAPE_HANG_BUG
Matt Caswell [Wed, 25 Feb 2015 23:28:24 +0000 (23:28 +0000)]
Remove NETSCAPE_HANG_BUG

NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago
(2000).
It predates DTLS, so certainly has no place in d1_srvr.c.
In s3_srvr.c it forces the ServerDone to appear in the same record as the
CertificateRequest when doing client auth.

BoringSSL have already made the same commit:
79ae85e4f777f94d91b7be19e8a62016cb55b3c5

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
Matt Caswell [Thu, 5 Feb 2015 17:13:46 +0000 (17:13 +0000)]
Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Update the SHA* documentation
Matt Caswell [Wed, 25 Feb 2015 15:25:27 +0000 (15:25 +0000)]
Update the SHA* documentation

Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
Rainer Jung [Tue, 24 Feb 2015 19:12:17 +0000 (19:12 +0000)]
Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix some minor documentation issues
Matt Caswell [Fri, 20 Feb 2015 09:18:29 +0000 (09:18 +0000)]
Fix some minor documentation issues

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Remove pointless free, and use preferred way of calling d2i_* functions
Matt Caswell [Tue, 10 Feb 2015 16:21:30 +0000 (16:21 +0000)]
Remove pointless free, and use preferred way of calling d2i_* functions

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Add dire warnings about the "reuse" capability of the d2i_* functions.
Matt Caswell [Tue, 10 Feb 2015 16:08:33 +0000 (16:08 +0000)]
Add dire warnings about the "reuse" capability of the d2i_* functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Matt Caswell [Tue, 10 Feb 2015 15:45:56 +0000 (15:45 +0000)]
Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Fix a failure to NULL a pointer freed on error.
Matt Caswell [Mon, 9 Feb 2015 11:38:41 +0000 (11:38 +0000)]
Fix a failure to NULL a pointer freed on error.

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Import evp_test.c from BoringSSL. Unfortunately we already have a file
Matt Caswell [Mon, 9 Feb 2015 09:45:35 +0000 (09:45 +0000)]
Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>
9 years ago Add documentation for the -no_alt_chains option for various apps, as well as
Matt Caswell [Tue, 27 Jan 2015 11:15:15 +0000 (11:15 +0000)]
Add documentation for the -no_alt_chains option for various apps, as well as
the X509_V_FLAG_NO_ALT_CHAINS flag.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Add -no_alt_chains option to apps to implement the new
Matt Caswell [Tue, 27 Jan 2015 10:50:38 +0000 (10:50 +0000)]
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Add flag to inhibit checking for alternate certificate chains. Setting this
Matt Caswell [Tue, 27 Jan 2015 10:35:27 +0000 (10:35 +0000)]
Add flag to inhibit checking for alternate certificate chains. Setting this
behaviour will force behaviour as per previous versions of OpenSSL

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago In certain situations the server provided certificate chain may no longer be
Matt Caswell [Tue, 27 Jan 2015 10:03:29 +0000 (10:03 +0000)]
In certain situations the server provided certificate chain may no longer be
valid. However the issuer of the leaf, or some intermediate cert is in fact
in the trust store.

When building a trust chain if the first attempt fails, then try to see if
alternate chains could be constructed that are trusted.

RT3637
RT3621

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
9 years ago Remove CVS filtering from find targets
Rich Salz [Tue, 24 Feb 2015 22:45:08 +0000 (17:45 -0500)]
Remove CVS filtering from find targets

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Move build config table to separate files.
Rich Salz [Tue, 24 Feb 2015 22:40:22 +0000 (17:40 -0500)]
Move build config table to separate files.

Move the build configuration table into separate files.  The Configurations
file is standard configs, and Configurations.team is for openssl-team
members.  Any other file, Configurations*, found in the same directory
as the Configure script, is loaded.

To add another file, use --config=FILE flags (which should probably be
an absolute path).

Written by Stefan Eissing <stefan.eissing@greenbytes.de> and Rich Salz
<rsalz@openssl.org>, contributed by Akamai Technologies.

Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Document -no_explicit
Dr. Stephen Henson [Tue, 24 Feb 2015 13:52:21 +0000 (13:52 +0000)]
Document -no_explicit

Reviewed-by: Rich Salz <rsalz@openssl.org>
9 years ago Fix crash in SPARC T4 XTS.
Andy Polyakov [Sun, 22 Feb 2015 16:43:11 +0000 (17:43 +0100)]
Fix crash in SPARC T4 XTS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.
Andy Polyakov [Tue, 24 Feb 2015 09:07:22 +0000 (10:07 +0100)]
aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux.

XTS bug spotted and fix suggested by Adrian Kotelba.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago Don't set no_protocol if -tls1 selected.
Dr. Stephen Henson [Tue, 24 Feb 2015 02:27:51 +0000 (02:27 +0000)]
Don't set no_protocol if -tls1 selected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
9 years ago perlasm/x86masm.pl: make it work.
Andy Polyakov [Sun, 22 Feb 2015 18:23:25 +0000 (19:23 +0100)]
perlasm/x86masm.pl: make it work.

Though this doesn't mean that masm becomes supported, the script is
still provided on don't-ask-in-case-of-doubt-use-nasm basis.
See RT#3650 for background.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago sha/asm/sha1-586.pl: fix typo.
Andy Polyakov [Sun, 22 Feb 2015 18:19:26 +0000 (19:19 +0100)]
sha/asm/sha1-586.pl: fix typo.

The typo doesn't affect supported configuration, only unsupported masm.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago evp/evp_test.c: avoid crashes when referencing uninitialized pointers.
Andy Polyakov [Sun, 22 Feb 2015 18:13:35 +0000 (19:13 +0100)]
evp/evp_test.c: avoid crashes when referencing uninitialized pointers.

For some reason failure surfaced on ARM platforms.

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago typo
Dr. Stephen Henson [Sun, 22 Feb 2015 13:13:12 +0000 (13:13 +0000)]
typo

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
9 years ago Fix null-pointer dereference
Edgar Pek [Sat, 21 Feb 2015 13:56:41 +0000 (14:56 +0100)]
Fix null-pointer dereference

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago Fix memory leak
Kurt Roeckx [Sat, 21 Feb 2015 13:51:50 +0000 (14:51 +0100)]
Fix memory leak

Reviewed-by: Matt Caswell <matt@openssl.org>
9 years ago Avoid a double-free in an error path.
Doug Hogan [Thu, 8 Jan 2015 02:21:01 +0000 (18:21 -0800)]
Avoid a double-free in an error path.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>